File Name: dsa-1626-1.txt
Description: Debian Security Advisory 1626-1 - Joan Calvet discovered that httrack, a utility to create local copies of websites, is vulnerable to a buffer overflow that potentially allows execution of arbitrary code when it is passed excessively long URLs.
Homepage: http://www.debian.org/security
File Size: 11491
Last Modified: Aug 1 15:52:33 2008
MD5 Checksum: 0e2e89e32e0f404bfa685c074c75c3d5

File Name: dsa-1627-1.txt
Description: Debian Security Advisory 1627-1 - Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN.
Homepage: http://www.debian.org/security
File Size: 12860
Related CVE(s): CVE-2008-2235
Last Modified: Aug 4 17:25:05 2008
MD5 Checksum: 5eed1f3a57041bd6dce9385e39451cc7

File Name: dsa-1627-2.txt
Description: Debian Security Advisory 1627-2 - The previous security update for opensc had a too strict check for vulnerable smart cards. It could flag cards as safe even though they may be affected. This update corrects that problem.
Homepage: http://www.debian.org/security
File Size: 13202
Related CVE(s): CVE-2008-2235
Last Modified: Aug 31 19:53:00 2008
MD5 Checksum: a08e37a0acc0cd253e7afd269ffbaa23

File Name: dsa-1628-1.txt
Description: Debian Security Advisory 1628-1 - Brian Dowling discovered that the PowerDNS authoritative name server does not respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing. This update changes PowerDNS to respond with SERVFAIL responses instead.
Homepage: http://www.debian.org/security
File Size: 16081
Related CVE(s): CVE-2008-3337
Last Modified: Aug 12 22:48:26 2008
MD5 Checksum: 4c5355fa984fa4be3278a10a85ff546b

File Name: dsa-1629-1.txt
Description: Debian Security Advisory 1629-1 - Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root.
Homepage: http://www.debian.org/security
File Size: 13634
Related CVE(s): CVE-2008-2936
Last Modified: Aug 18 19:15:23 2008
MD5 Checksum: 5a5029498e47c3b0c8f6caa98004975c

File Name: dsa-1629-2.txt
Description: Debian Security Advisory 1629-2 - Due to a version numbering problem, the Postfix update for DSA 1629 was not installable on the i386 (Intel ia32) architecture. This update increases the version number to make it installable on i386 as well.
Homepage: http://www.debian.org/security
File Size: 10095
Related CVE(s): CVE-2008-2936
Last Modified: Aug 20 01:57:28 2008
MD5 Checksum: d5905b0f7ab31785748e93c41a799586

File Name: dsa-1631-1.txt
Description: Debian Security Advisory 1631-1 - Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities until available CPU and memory resources were exhausted.
Homepage: http://www.debian.org/security
File Size: 11181
Related CVE(s): CVE-2008-3281
Last Modified: Aug 22 18:15:36 2008
MD5 Checksum: 4e11a0bf3ea05140834d932f3231418d

File Name: dsa-1631-2.txt
Description: Debian Security Advisory 1631-2 - The previous security update of the libxml2 package introduced some problems with other packages, most notably with librsvg. This update corrects these problems whilst still fixing the reported security problem.
Homepage: http://www.debian.org/security
File Size: 13127
Related CVE(s): CVE-2008-3281
Last Modified: Aug 26 22:15:04 2008
MD5 Checksum: f024501160502cc01f3a8a6951c7c361

File Name: dsa-1632-1.txt
Description: Debian Security Advisory 1632-1 - Drew Yao discovered that libTIFF, a library for handling the Tagged Image File Format, is vulnerable to a programming error allowing malformed TIFF files to lead to a crash or execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 11108
Related CVE(s): CVE-2008-2327
Last Modified: Aug 26 22:14:44 2008
MD5 Checksum: 0e6569a1ce6eb08995b0101c1d463469

File Name: firefox301-exec.txt
Description: Firefox version 3.0.1 (final release) suffers from an unspecified remote code execution vulnerability.
Author: Beenu Arora
Homepage: http://www.beenuarora.com/
File Size: 3979
Last Modified: Aug 29 01:46:34 2008
MD5 Checksum: e5305be99ab1f77ca6497f785fd1274e

File Name: glsa-200804-22-03.txt
Description: Gentoo Linux Security Advisory [UPDATE] GLSA 200804-22:03 - Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this issue was incomplete, as it did not always enable the stronger random number generator for source port selection (CVE-2008-3217). Versions less than 3.1.6 are affected.
Homepage: http://security.gentoo.org
File Size: 2870
Related CVE(s): CVE-2008-1637, CVE-2008-3217
Last Modified: Aug 21 20:28:39 2008
MD5 Checksum: ebb72f271795a16c7a89e0cc3a25ae70

File Name: glsa-200808-02.txt
Description: Gentoo Linux Security Advisory GLSA 200808-02 - Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC length (CVE-2008-0960). John Kortink reported a buffer overflow in the Perl bindings of Net-SNMP when processing the OCTETSTRING in an attribute value pair (AVP) received by an SNMP agent (CVE-2008-2292). Versions less than 5.4.1.1 are affected.
Homepage: http://security.gentoo.org
File Size: 3179
Related CVE(s): CVE-2008-0960, CVE-2008-2292
Last Modified: Aug 6 17:36:36 2008
MD5 Checksum: 44e4c6fc6bddaa075347ab6e5add0b9f

File Name: glsa-200808-03.txt
Description: Gentoo Linux Security Advisory GLSA 200808-03 - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Versions less than 2.0.0.16 are affected.
Homepage: http://security.gentoo.org
File Size: 8999
Related CVE(s): CVE-2008-1380, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933
Last Modified: Aug 6 17:36:56 2008
MD5 Checksum: 3e9e86e69a0a6a15cd07a7aee45c952c

File Name: glsa-200808-04.txt
Description: Gentoo Linux Security Advisory GLSA 200808-04 - Multiple vulnerabilities related to memory management were discovered in the GSM SMS dissector (CVE-2008-3137), the PANA and KISMET dissectors (CVE-2008-3138), the RTMPT dissector (CVE-2008-3139), the syslog dissector (CVE-2008-3140) and the RMI dissector (CVE-2008-3141) and when reassembling fragmented packets (CVE-2008-3145). Versions less than 1.0.2 are affected.
Homepage: http://security.gentoo.org
File Size: 3206
Related CVE(s): CVE-2008-3137, CVE-2008-3138, CVE-2008-3139, CVE-2008-3140, CVE-2008-3141, CVE-2008-3145
Last Modified: Aug 6 17:37:16 2008
MD5 Checksum: 2852ba52cfaebadb42606bc1ad10308b

File Name: glsa-200808-05.txt
Description: Gentoo Linux Security Advisory GLSA 200808-05 - A buffer overflow error was found in the ISC DHCP server that can only be exploited under unusual server configurations where the DHCP server is configured to provide clients with a large set of DHCP options. Versions less than 3.1.1 are affected.
Homepage: http://security.gentoo.org
File Size: 2490
Related CVE(s): CVE-2007-0062
Last Modified: Aug 6 17:37:50 2008
MD5 Checksum: ebbacde4d8f36f0bb820cc149e11d6de

File Name: glsa-200808-06.txt
Description: Gentoo Linux Security Advisory GLSA 200808-06 - Chris Evans (Google Security) reported that the libexslt library that is part of libxslt is affected by a heap-based buffer overflow in the RC4 encryption/decryption functions. Versions less than 1.1.24-r1 are affected.
Homepage: http://security.gentoo.org
File Size: 2784
Related CVE(s): CVE-2008-2935
Last Modified: Aug 6 17:38:05 2008
MD5 Checksum: e9b59f5c0ec4c99d2dbdb1a11e9149a8

File Name: glsa-200808-07.txt
Description: Gentoo Linux Security Advisory GLSA 200808-07 - Damian Put has discovered an out-of-bounds memory access while processing Petite files (CVE-2008-2713, CVE-2008-3215). Also, please note that the 0.93 ClamAV branch fixes the first of the two attack vectors of CVE-2007-6595, which concerns insecure creation of temporary files. The sigtool attack vector still seems to be unfixed. Versions less than 0.93.3 are affected.
Homepage: http://security.gentoo.org
File Size: 3037
Related CVE(s): CVE-2007-6595, CVE-2008-2713, CVE-2008-3215
Last Modified: Aug 8 14:51:21 2008
MD5 Checksum: f49c89cc70a72ef2c4200eb49c28dc0e

File Name: glsa-200808-08.txt
Description: Gentoo Linux Security Advisory GLSA 200808-08 - An unspecified bug in the OCSP search functionality of stunnel has been discovered. Versions less than 4.24 are affected.
Homepage: http://security.gentoo.org
File Size: 2705
Related CVE(s): CVE-2008-2420
Last Modified: Aug 8 14:51:41 2008
MD5 Checksum: dcfde79aad7fdb18dd5d63cbc78a3428

File Name: glsa-200808-09.txt
Description: Gentoo Linux Security Advisory GLSA 200808-09 - Cameron Hotchkies discovered an error within the parsing of ASN.1 BER encoded packets in the ber_get_next() function in libraries/liblber/io.c. Versions less than 2.3.43 are affected.
Homepage: http://security.gentoo.org
File Size: 2559
Related CVE(s): CVE-2008-2952
Last Modified: Aug 8 14:52:10 2008
MD5 Checksum: 2618c0be4c9350e464e15c907b0cbc26

File Name: glsa-200808-10.txt
Description: Gentoo Linux Security Advisory GLSA 200808-10 - The Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated. Versions less than 8.1.2-r3 are affected.
Homepage: http://security.gentoo.org
File Size: 2543
Related CVE(s): CVE-2008-2641
Last Modified: Aug 12 22:29:10 2008
MD5 Checksum: a480582c18395f3580e91ac92d3b326a

File Name: glsa-200808-11.txt
Description: Gentoo Linux Security Advisory GLSA 200808-11 - UUdeview makes insecure use of the tempnam() function when creating temporary files. NZBGet includes a copy of the vulnerable code. Versions less than 0.5.20-r1 are affected.
Homepage: http://security.gentoo.org
File Size: 2988
Related CVE(s): CVE-2008-2266
Last Modified: Aug 12 23:36:45 2008
MD5 Checksum: a88ddb158fe6723d7928230ce4ec5397